US12461554B2 · Active · Utility

System including a secure application configured to perform a clock update procedure

Assignee: NXP USA INC
Priority: Nov 18, 2022
Filed: Aug 30, 2023
Granted: Nov 4, 2025
Est. expiry: Nov 18, 2042 (~16.4 yrs left) · nominal 20-yr term from priority
Inventors: MARSHALL RAY CHARLES; SATSANGI MOHIT; BENING ANDREAS
G06F 21/74, G06F 21/57, G06F 21/725, G06F 1/3237, G06F 1/08, G06F 1/14
PatentIndex Score: 47 · Cited by: 0 · References: 18 · Claims: 20

Abstract

A system comprising a real time clock, RTC, and a processor configured to execute a secure application to provide a secure clock and configured to operate in a first low-power-mode and a first normal-mode, and a non-secure application configured to perform a clock modification procedure and configured to operate in a second low-power-mode and a second normal-mode, the system configured to perform a secure clock initialisation procedure comprising obtaining a record of a current time from the RTC based on a transition from the first low-power-mode to the first normal-mode, wherein the secure application is configured to perform a clock update procedure including updating the RTC with a secure record of the current time and wherein the system is further configured to prevent performing the clock modification procedure after the clock update procedure has been performed.

Claims

exact text as granted — not AI-modified
The invention claimed is:

1. A system comprising:
a real time clock, RTC, configured to keep a record of a current time,
at least one processor configured to execute at least a secure application and a non-secure application, wherein
the secure application is configured to operate in a first low-power-mode and a first normal-mode, wherein the secure application is configured to provide a secure clock for maintaining a secure record of the current time when operating in the first normal-mode, and wherein the secure clock is disabled during the first low-power-mode; and wherein
the non-secure application is configured to operate in a second low-power-mode and a second normal-mode, wherein the non-secure application is configured to perform a clock modification procedure to update the RTC via a second communication link between the non-secure application and the RTC when the non-secure application is operating in the second normal-mode and not when the non-secure application is operating in the second low-power-mode; and wherein
the system is configured to cause the secure application to perform a secure clock initialization procedure comprising obtaining the record of the current time from the RTC for initializing the secure clock based on a transition from the first low-power-mode to the first normal-mode, wherein
the secure application is configured to perform a clock update procedure as part of a transition from the first normal-mode to the first low-power-mode, the clock update procedure comprising, via a first communication link between the secure application and the RTC, providing for updating of the RTC with the secure record of the current time, and wherein
the system is further configured to prevent the non-secure application from performing the clock modification procedure after the clock update procedure has been performed, whilst the secure application is in the first low-power-mode and prior to the secure clock initialization procedure.

2. The system of claim 1, wherein the RTC is a hardware based RTC.

3. The system of claim 1, wherein
the system being further configured to prevent the non-secure application from performing the clock modification procedure after the clock update procedure has been performed comprises:
the system being configured to perform the clock update procedure after the non-secure application has transitioned from the second normal-mode to the second low-power-mode.

4. The system of claim 1, wherein
the system being further configured to prevent the non-secure application from performing the clock modification procedure after the clock update procedure has been performed comprises:
the system being configured to block communication over the second communication link.

5. The system of claim 1, wherein the system is configured to perform the clock modification procedure based on a detected change in temperature for calibration of the RTC.

6. The system of claim 1, wherein
the non-secure application is configured to an indication of the current time from an external time reference, and wherein the system is further configured to perform the clock modification procedure based on a difference between the RTC and said current time from the external time reference.

7. The system of claim 1, wherein
based on the transition from the first normal-mode to the first low-power-mode, the system is further configured to compare the record of the current time from the RTC with the secure record of the current time from the secure clock, and wherein
performing the clock update procedure is conditional on the comparison indicating a difference between the record of the current time and the secure record of the current time above a predetermined threshold.

8. The system of claim 7, wherein
the system is configured to generate a signal indicative of whether the difference between the record of the current time and the secure record of the current time is above the predetermined threshold or below the predetermined threshold, and wherein
the system is configured to store the generated signal to provide a record of a status of RTC.

9. The system of claim 7, wherein the predetermined threshold is based on an elapsed time since a most recent clock initialization procedure, wherein the elapsed time is based on the secure clock.

10. The system of claim 9, wherein
the secure clock comprises a timer arrangement configured to determine the elapsed time since the most recent clock initialization procedure, and wherein
the secure record of the current time is based on a snapshot of the current time from the RTC taken during the secure clock initialization procedure and the elapsed time.

11. The system of claim 9, wherein
the predetermined threshold is defined as a percentage of the elapsed time.

12. The system of claim 1, wherein
the secure application is further configured to perform a secure clock update procedure to update the secure record of the current time based on an authenticated message from a trusted entity.

13. The system of claim 1, wherein
the secure application is configured to perform secure processing at least in part based on said secure record of the current time.

14. The system of claim 13, wherein
the secure processing includes one or more of:
an application of a cryptographic function to data, and
checking a validity of security certificates.

15. An electronic device comprising the system claim 1.

16. A method of operating a system, the system comprising:
a real time clock, RTC, configured to keep a record of a current time,
at least one processor configured to execute at least a secure application and a non-secure application, wherein the secure application is configured to operate in a first low-power-mode and a first normal-mode, wherein the secure application is configured to provide a secure clock for maintaining a secure record of the current time when operating in the first normal-mode, and wherein the secure clock is disabled during the first low-power-mode; and wherein the non-secure application is configured to operate in a second low-power-mode and a second normal-mode, wherein the non-secure application is configured to perform a clock modification procedure to update the RTC via a second communication link between the non-secure application and the RTC when the non-secure application is operating in the second normal-mode and not when the non-secure application is operating in the second low-power-mode; and wherein the method comprises:
performing, by the secure application, a secure clock initialization procedure comprising obtaining the record of the current time from the RTC for initializing the secure clock based on a transition from the first low-power-mode to the first normal-mode;
performing, by the secure application, a clock update procedure as part of a transition from the first normal-mode to the first low-power-mode, the clock update procedure comprising, via a first communication link between the secure application and the RTC, providing for updating of the RTC with the secure record of the current time; and
preventing the non-secure application from performing the clock modification procedure after the clock update procedure has been performed, whilst the secure application is in the first low-power-mode and prior to a subsequent secure clock initialization procedure.

17. The method of claim 16, wherein the method comprises:
performing the clock update procedure after the non-secure application has transitioned from the second normal-mode to the second low-power mode.

18. The method of claim 16, wherein the method comprises:
performing the clock modification procedure based on a change in temperature for calibration of the RTC.

19. The system of claim 1, wherein
the at least one processor comprises a single processor comprising at least two cores comprising a first core and a second core, wherein,
the first core is configured to execute the secure application and
the second core is configured to execute a non-secure application.

20. The system according to claim 1, wherein
the system forms part of a system on a chip (SOC) arrangement.
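
The wake/sleep sequence of claims 1, 4, 7, 8 and 11, sketched as a small C model. This is an added illustration, not part of the patent text and not NXP code; every name (`sys_t`, `secure_wake`, `secure_sleep`, `ns_set_rtc`, the `pct` parameter) is hypothetical, and times are plain seconds.

```c
#include <stdbool.h>
#include <stdint.h>
/* Hypothetical model of the claimed behaviour; names are illustrative only. */
typedef struct {
    uint32_t rtc;          /* RTC record of the current time */
    bool     ns_link_open; /* second communication link (non-secure -> RTC) */
    uint32_t snapshot;     /* RTC value taken at secure clock initialization */
    uint32_t elapsed;      /* secure timer: time since initialization */
    bool     secure_awake; /* secure application in its normal-mode */
    bool     rtc_suspect;  /* stored status signal (claim 8) */
} sys_t;

/* Low-power -> normal: secure clock initialization from the RTC. */
void secure_wake(sys_t *s) {
    s->snapshot = s->rtc;
    s->elapsed = 0;
    s->secure_awake = true;
    s->ns_link_open = true;
}

/* The RTC always runs; the secure timer only runs in normal-mode. */
void tick(sys_t *s, uint32_t secs) {
    s->rtc += secs;
    if (s->secure_awake) s->elapsed += secs;
}

/* Non-secure clock modification procedure; refused while the link is blocked. */
bool ns_set_rtc(sys_t *s, uint32_t t) {
    if (!s->ns_link_open) return false;
    s->rtc = t;
    return true;
}

/* Normal -> low-power: compare, conditionally rewrite the RTC, block the link. */
bool secure_sleep(sys_t *s, uint32_t pct) {
    uint32_t secure_now = s->snapshot + s->elapsed;
    uint32_t diff = s->rtc > secure_now ? s->rtc - secure_now : secure_now - s->rtc;
    uint32_t threshold = (uint32_t)(((uint64_t)s->elapsed * pct) / 100);
    s->rtc_suspect = diff > threshold;          /* claims 7, 8, 11 */
    if (s->rtc_suspect) s->rtc = secure_now;    /* clock update procedure */
    s->ns_link_open = false;                    /* claim 4: block the link */
    s->secure_awake = false;
    return s->rtc_suspect;
}

int main(void) {
    sys_t s = { .rtc = 1000 };
    secure_wake(&s); tick(&s, 1000); ns_set_rtc(&s, 100); /* constructed rollback */
    return secure_sleep(&s, 1) && s.rtc == 2000 ? 0 : 1;
}
```

In this model a small calibration offset inside the threshold survives the sleep transition, while a larger deviation is overwritten with the secure record before the non-secure path is cut off.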

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.